How to secure your Raspberry Pi?

First of all, we have to decide what we need to secure.

Well… That’s easy! Everything!

One could argue that, since RBPi uses Linux, we could use SSL to secure Ethernet communications and, therefore, Internet connections. On the other hand, there are also many encryption libraries available out there, so one might think that we don't need to do anything special at all.

That could be true. But we are looking for some kind of strong and comprehensive security that allows us to protect not only the file system, but every input/output in the RBPi, instead of just the Ethernet port. Therefore, we want to secure the USB, the File system, I2C, GPIOs …

We also want strong security, so we cannot rely on software-generated keys/certificates because they do not use true random generated numbers2. At the same time, this strong protection system must not overload RBPi's processor, nor collapse its OS.

Once we decide to secure everything, let's see what we need:

A True Random Number Generator. It must obtain the seed from white noise generators with a very high entropy level.

A Hardware key generator which stores them internally3.

A certificate generator which generates the certificates, based on the keys mentioned above.

A secure file system that uses an internal certificate to prevent unauthorised access.